TypePad Profile

Commercial Insurance

01/04/2011

Cloud Computing, it’s as if the term was coined just to keep insurance companies in a fog.

Early in 2010 I was introduced to Michael Abrahamsson. Michael is the CEO of Ilait, a market leading cloud computing and hosting wholesaler based in Sweden and a Board Member of Eurocloud. Ilait was looking to expand and deploy their services into the US and Michael had been referred to me to assist with placing insurance.

Insuring a provider of cloud computing services can be extremely difficult. Just communicating the exposure to insurance company underwriters who may not be familiar or understand the risk can be very challenging. Cloud computing typically consists of services such as Saas, utility computing, web services, platform as service, managed service providers, service commerce platforms, and internet integration. Exposure to loss comes in the form of business interruption/service interruption, data privacy breach/loss, and other financial loss due to the performance of service/product.

These are many of the same exposures to risk as most other technology organizations, but due to the nebulous nature of cloud computing, mitigating loss can be challenging. Communicating how an organization effectively manages this risk is what enables us to offer our clients the most competitive insurance premiums available.

However, organizations providing cloud computing services are not the only ones at risk. In fact, organizations that utilize cloud computing services must understand, and should consider contractually transferring this risk to the service provider, and/or insurance.

It is critical to understand that outsourcing cloud computing services is not the same as outsourcing or transferring risk. Be wary of cloud computing service contracts that include a hold harmless provision within the indemnity agreement that strongly favors the service provider. Furthermore, requiring adequate professional liability /E&O insurance limits can be challenging considering the significant number of other parties that may also be affected.

Finally, if utilizing cloud computing services be aware that your organization will be held responsible for State and Federal Laws related to data privacy and compliance to HIPAA, SOX, PCI and FISMA (for more information on data privacy you can read my article here). An indemnity agreement written or approved from your legal counsel is the first step to a strong risk management strategy, but if you are responsible for PII (Personal Identifiable Information), a comprehensive data privacy insurance policy should be strongly considered. Selecting a cloud computing service provider that has strong security controls and implementing strong contractual risk transfer will be reflected in lower insurance premiums.

Due to the significant amount of data being computed/ stored within the cloud, it will always be a target of fraud and abuse. However, the scalability, cost, and efficiency will inevitably lead to greater use. Taking the proper steps to mitigate loss and transfer risk via contract and/or through an insurance policy will reduce risk to an organizations balance sheet, and will make it much safer to harness the power of the cloud.

09/22/2010

Recently PWC published a report, 2009 Patent Litigation Study discussing current trends in patent litigation. In 2008 2,896 patent infringement actions were filed, up from 2007, with a median award of about $2.5million. Furthermore, the study found that roughly two thirds of infringement cases brought to trial were successful. In a 2009 American Intellectual Property Law Association Survey the mean cost of litigation (not including awards and damages) was between $767,000 and $5,499,000.

Cost of Patent Infringement Suit

$ at Risk

< $1MM

$1MM-$25MM

> $25MM

End of Discovery

$461,000

$1,589,000

$3,340,000

Inclusive, all costs

$767,000

$2,645,000

$5,499,000

In the Northwest, we’ve seen our fair share of Patent Infringement cases recently. Just in the last couple of months firms including Zillow, Likewise Software, Microsoft, and of course Paul Allen’s Interval Licensing and Nathan Myhrvold’s firm, Intellectual Ventures, have hit the headlines for their part in patent litigation.

Relative to insurance, coverage for Intellectual Property infringement has often been focused on the advertising/personal injury coverage within a standard General Liability policy. Patent infringement is excluded and coverage is typically limited to copyright, trade dress, or slogan, but only as it relates to your organizations advertising. For a technology organization, often Advertising/Personal Injury is completely excluded.

Organizations may carve back some forms of Intellectual Property infringement through a Professional Liability or Errors and Omissions policy. But again, coverage for Patent Infringement is typically excluded.

Patent Infringement Defense Insurance

If the threat exists that you could be sued by a competitor or a non practicing entity (one that does not design, manufacture, or distribute products) for Patent Infringement, you should consider Patent Infringement Defense coverage. A Patent Infringement Defense Insurance policy will reimburse outside legal expenses and damages awarded (up to the policy limits) to defend against charges of IP infringement.

To procure a policy, it is important to have a Freedom to Operate opinion from an established Patent Attorney within the last 6 months. If you do not have a Freedom to Operate opinion, the insurance company may provide an insurability review at an additional fee. Underwriting typically takes 2-3 weeks and will often include a conference call with the underwriter and your organizations technical experts regarding the IP make-up. Premiums start at around $20,000.

A well crafted policy will:

Enable the insured to mitigate the risk of an unexpected lawsuit

Provide the resources necessary to hire an attorney with expertise in Patent Litigation

Prevent a drain on the insured’s operating capital

Relieve pressure to settle due to limited financial resources

Discourage frivolous lawsuits

Prevent loss of market share

Provides coverage for Indemnification Obligations

Allow you to choose defense attorney

Rudolph Telscher, a Partner at the Law Offices of Harness Dickey, states, “Just about the time the smaller technology companies are making some headway in the market, larger companies take notice and either copy their technology or assert marginally relevant patents against the smaller company. Instead of settling, larger companies know that they can pursue the litigation for several months and eventually the smaller company will either collapse altogether or will take a very unfavorable settlement to get out of litigation.”

Furthermore Telscher states, in a case between Digit Wireless v Texas Instruments, “Without a doubt, letting Texas Instruments know about the insurance and the threat of insurance-backed litigation made the entire difference in securing a great settlement for Digit Wireless.”

When we think about insurance, we often think about insuring the building, computers, and other tangible property associated with an organization. Property/Casualty, Errors and Omissions, and Directors and Officers come to mind. But often an organizations biggest asset and biggest competitive advantage may be the organizations Intellectual Property. Good risk Management can decrease both the likelihood and severity of infringement claims but in many cases, resolution for these issues will result in an expensive legal battle. An alternative to self-funding lengthy litigation would be to transfer some of the risk to an insurance company, thereby reducing the pressure to settle.

If you are interested in learning more about Patent Infringement Defense Insurance please contact Cliff Rudolph, Technology Practice Leader for Parker, Smith, & Feek, at 425-709-3705 or cerudolph@psfinc.com

06/10/2010

You can’t attend a Human Resource, Marketing, or Legal conference these days without a discussion on social media.My wife and I have toddler age twin boys, and I relate social media for employers to organic chocolate milk… It's organic, has milk, and the brand we purchase even advertises DHA and Omega 3’s! Did I mention it was milk? Truth is, we limit the boys to one glass a week and they get plenty of exercise (running away from mom and dad).Similarly, Social Media for your organization is probably a good idea, but it’s important to put some policies and procedures in place and be consistent in your enforcement.

Social Media's dirty little secret? You and your employees are probably not covered by your General Liability policy.

I often peruse updates of organizations that I follow on a well known social networking/professional networking site. Recently I came across an individual commenting that he was considering organizing a flash mob as a way to raise awareness of his organizations industry. Basically, an individual responsible for organizational development and a vibrant social media user was gathering input on whether or not people would be willing to participate in an organized flash mob.A flash mob, as defined by wikipedia, is a large group of people who assemble suddenly in a public place, perform an unusual and pointless act for a brief time, and then quickly disperse.

While I thought it a great way to reach a specific demographic, I immediately cringed once I put on my risk management hat. I immediately started considering the impact of a recent FTC ruling and guidelines (FTC 16 CFR Part 255 Guides Concerning the Use of Endorsements and Testimonials in Advertising) related to potential liability imposed on employers for social media comments, regardless of the employers’ knowledge. While I doubt this industry group's flash mob would turn ugly similar to the event that occured in Philadelphia back in February of 2010 (a group of 150 teenagers involved in a flash mob leading to 16 arrests), I was concerned that lawsuits could be tendered to the employer of the organizer. And as we'll discuss, more than likely, this wouldn't be covered by the employers General Liability policy.

The landscape of business communication and the law governing social media is changing rapidly. It's important that employers speak with their attorney and understand the social media liability issues facing their organization.I would suggest that you consider reading an article published in The National Law Journal, “Social Media Permeate the Employment Lifecycle” . The liability facing employers is real, and It's worth noting that on March 16, 2010 the first lawsuit alleging unlawful conduct via social media due to a former employee's restrictive covenant was filed. In the lawsuit, TEKsystems sues three of its former employees and their new employer, Horizontal Integration, Inc. Also, another interesting lawsuit occured in 2009 when the owner of Pizza Kitchen was sued for defamation after posting disparaging remarks on Facebook about a marketing firm it was utilizing.

In the same ruling from the FTC above, they suggest that employers institute an appropriate policy governing social media participation by employees:

“if the employer has instituted policies and practices concerning ‘‘social media participation’’ by its employees, and the employee fails to comply with such policies and practices, the employer should not be subject to liability. The Commission agrees that the establishment ofappropriate procedures would warrant consideration in its decision”

"Companies are entitled to free speech, but their commercial speech is less protected. The lower protection comes in the form of a higher standard of care for truth and accuracy. So, when company employees participate in social media on behalf of their employer, they subject the company to the same risks as a newspaper or individual, but with less protection."

Furthermore, he suggests:

"In order to mitigate these risks, companies need to prepare their employees. A social media policy is part of that preparation. Such policies are about labor law, but also about advertising, marketing, public relations, product liability and other activities that carry legal implications."

So once you’ve committed the organization to the slippery slope of social media and have developed your policies and procedures, now it’s time to turn to the subject no one is talking about!Your General Liability policy will most likely NOT respond to a 3rd party claim or injury resulting from your blog or social media page.For example, the standard General Liability policy (ISO CG00 01 12 07) will exclude injury "arising out of an electronic chat room or bulletin board the insured hosts, owns, or over which the insured exercise control" (ISO CG00 01 12 07). As well as Personal and Advertising injury "arising out of the infringement of copyright, patent, trademark, trade secret or other intellectual property rights" (ISO CG00 01 12 07). This includes data privacy breaches and claims resulting from a data privacy breach. You will want to speak with your attorney to decide how a social media site that an employee owns or controls would be considered relative to a defamation lawsuit against your organization stemming from that employees "tweet", but I can say with confidence that most General Liability policies do not contemplate this risk.

So what is the solution?

Don't be caught by surprise! Twitter, Blogs, Facebook and other social media exposures are soon becoming just another part of an organizations daily operation.And while the organization may not be specifically involved in Social Media, what about your employees? Social Media needs to be carefully considered in your risk management program.

Insurance companies are well aware of this exposure and have developed innovative products to assist in covering this potential gap. Professional, Communications, Data Privacy & Media Liability policies, in many forms are available as endorsements or stand alone products and will compliment your enterprise wide risk management program. In many cases, coverage is relatively inexpensive with minimum annual premiums as low as $1,500.

09/30/2009

If you are in HR, are a director or officer of an organization, and/or a hiring/firing manager a recent decision by the Ninth Circuit Court of Appeals should be of significant concern. In Boucher v Shaw (July 2009) the court held that individual managers can be held liable for unpaid wages under the Fair Labor Standards Act.

One of the most frequent claims I see are lawsuits stemming from employee related allegations of wrongful termination, workplace discrimination, workplace harassment, and wage and hour claims.

Previously it was argued that an organizations managers, officers and owners could not be personally liable for the corporation's wage and hour violations. In Boucher vs. Shaw, Castaway Hotel Casino and Bowling Center filed for Chapter 7 liquidation bankruptcy in 2004; shortly thereafter a suit was filed for unpaid wages, vacation and holiday pay under the federal Fair Labor Standards Act(FSLA).

On appeal, the Ninth Circuit held that former employees of Castaways could pursue federal wage and hour claims filed personally against the CEO, CFO and other officers of the corporation.

Consider for a moment how it would effect you personally to be held personally liable for an employee related lawsuit. Not fun.

This is a significant issue for all employers. Furthermore, many organizations that purchase EPLI insurance (Employment Practices Liability Insurance) to defend and pay claims related to employee suits will be surprised to find out that the policy may not pay for claims against individuals.

Insurance coverage is available on a limited basis. Many of the common carriers of EPLI--Hartford, Travelers, CNA, Chartis, Chubb offer coverage for defense, some may offer indemnity. But it many cases coverage must be requested, and coverage varies from carrier to carrier. Seldom will a carrier offer to pay for a claim for wages.

Also, it is critical to check Who Is an Insured on your EPLI policy. While typically employees, officers, etc are considered insureds, policy language varies and you may also be faced with an insured vs insured exclusion, nullifying coverage.

Conclusion: Always request this coverage on EPLI policies. Be clear as to what's covered ( usually just defense) and what limit applies.

09/01/2009

Recently CU Times reported that CUNA Mutual/CUMIS would be adapting its corporate bond program based on the impact the economy has had on CUNA Mutual/CUMIS bottom line performance. CUNA MUTUAL Article in CU Times

“Because financial condition has an impact on Bond and SIP losses, we have an obligation as a mutual company committed to credit unions to take certain actions and maintain our financial strength for all of our policy owners.”

But what exactly does that mean if you are insured by CUNA Mutual/CUMIS? It could mean that the terms and conditions within the policy will change or renewal premiums could be much higher. But it could also mean that Credit Unions could be declined renewal coverage by CUNA Mutual/CUMIS.

I believe that CUNA Mutual/CUMIS will incorporate a plan to do all three. With the recent downgrades and negative outlook ratings by AM Best and Fitch This is probably a reaction by CUNA Mutual/CUMIS to strengthen a weakened financial position. Furthermore, should CUNA Mutual/CUMIS, continue to decline, many Credit Unions may be in breach of contract as many contracts require that insurance be placed with "A" rated insurance carriers. You'll note that recently the Federal Home Loan Bank of Boston decided to stop buying mortgages that have their primary insurance with CUNA Mutual Group Mortgage Insurance as a result of the Standard and Poor's July 29th downgrade from A to BBB+.

Credit Union's that purchase insurance directly from CUNA MUTUAL/CUMIS should start looking for alternatives today, as the marketplace is tough on financial institutions, and many brokers are unfamiliar with the specific needs of Credit Unions.

08/26/2009

An article I wrote on Data Privacy for Credit Union's was recently picked up by the largest Credit Union publication in the nation, CU Times and published today. It is widely regarded as the paper of record for the credit union industry.

The article discusses the criminal indictment of Albert Segvec Gonzalez, who was also the mastermind behind the TJX Breach. It also discusses the 30 civil lawsuits against Heartland Payment Systems by Financial Institutions, Consumers, and Investors. More than 650 Institutions were affected by the breach.

Furthermore the article provides some insight on the FTC case alleging Goal Financial did not sufficiently safeguard personal data and the penalties that resulted from that case.

Finally, the article highlights steps that financial institutions can take to insure and mitigate risk. Insurance products can be designed to pay regulatory fines and penalties, 3rd party lawsuits including member lawsuits, and expenses associated with the data breach including compliance to red flag rules.

08/11/2009

Many of you may have heard about the SEC civil complaint alleging a massive ponzi scheme operated by Stanford Financial WSJ Article . Recently, plaintiffs filed a class action law suit against Willis Group, a UK-based insurance broker, and other defendants. The suit is filed on behalf of defrauded Mexican depositor clients of Houston based Stanford Financial Group and alleges Texas securities law violations by Willis and the co-defendants in the massive investment fraud scheme perpetrated by Stanford Financial Rueters Article.

It is alleged that "safety and soundness" letters from Bowen, Miclette & Britt were signed by Robert Winter without disclosure that Mr Winter was on the Board of Directors for Stanford International Bank news video from fox. Furthermore, the lawsuit filed in Dallas, states that 'Willis agreed to Stanford's request to provide "safety and soundness" letters, and that "the clear intention" was for the letters to be used in Stanford's marketing to help retain and attract clients." Rueters Article . These "safety and soundness" letters reportedly were sent to Stanford's agents identifying the insurance policies supposedly underlying Stanford International Bank's operations. The allegations are that Willis would provide these letters to Stanford, and at times, directly to investors, with the understanding that investors would rely on the letters in deciding whether or not the investment was safe and insured.

I've never understood why Organizations do not see the conflict of interest when having their insurance broker appointed to the Board of Directors. In many cases, an insurance broker is paid a commission, a percent based on the total premium that the insured organization pays. Under this model, as the insured organizations exposure grows, so does the insurance brokers compensation. As you can see, this could result in a conflict of interest. Furthermore, in the Stanford Case, the broker was sending out letters that investors perceived as an independent assesment of the financial institutions Risk Management. Obviously this was not the case.

Work with an independent broker that will advocate on your behalf (for that matter, it doesn't make sense to work with a Publicly traded broker in the first place- at a publicly traded firm, who's best interest does your broker have? yours or his shareholders? There is a reason why CPA's and attorney's are not publicly traded, but that is for another blog.). Insurance Brokers BOD duties should be restricted to Non Profits (where they often know many influential people and are great at fundraising) and to their own firms or associations. What ever the case, an insurance broker does not belong on the BOD of a client of the firm, whether or not that the insured is an individual client of the broker.

07/30/2009

On July 28th a suit was filed by Horizon Group Management over a twitter post by one of its residents who tweets: "Who said sleeping in a moldy apartment was bad for you? Horizon realty thinks it's okay."

The suit claims that Bonnen "maliciously and wrongfully published the false and defamatory Tweet on Twitter, thereby allowing the Tweet to be distributed throughout the world,".

With so many organizations looking at utilizing social networking, blogging, and tweeting it is important to understand the risks involved. Possible Personal and Advertising injury as well as Intellectual Property Infringement can easily occur by employees tweeting and blogging on behalf of your organization.

Furthermore, most commercial insurance policies will exclude Personal and Advertising injury "arising out of an electronic chat room or bulletin board the insured hosts, owns, or over which the insured exercise control" (ISO CG00 01 12 07). As well as Personal and Advertising injury "arising out of the infringement of copyright, patent, trademark, trade secret or other intellectual property rights" (ISO CG00 01 12 07).

Insurance companies are well aware of this exposure and have developed innovative products to assist in covering this potential gap. Professional, Communications, & Media Liability policies, in many forms are available as endorsements or stand alone products and will compliment your enterprise wide risk management program. In many cases, coverage is relatively inexpensive with minimum premiums as low as $2,000.

Don't be caught by surprise! Twitter, Blogs, Facebook and other social media exposures are soon becoming just another part of an organizations daily operations, and should be carefully considered in your risk management program.

There is a great article from the financial post on the personal liability of tweeting that you can find here:

07/29/2009

Here are some quick tips when it comes to renewal proposals on D&O policies:

Make sure you have a copy (from the policy) of the definition of claim and the policy wording regarding incident and claim reporting. Understand claim reporting and be sure to share the information on timing and responsibility with internal managers and staff.

The renewal meeting is a perfect opportunity to ask about whether or not there are any incidents or claims that should be reported. Document your file accordingly.

If you are moving coverage to a new Insurance Carrier:

·Be sure to review the renewal application. Check to see if there are any potential claims disclosed on the application to the new carrier that were not reported to the prior carrier.

·Be absolutely sure there is no change in the retroactive date such that would restrict prior acts coverage or any other change in terms that would preclude coverage for a claim that would have been covered under the expiring policy.

·Recommend to the client (in writing) that they report all actual claims and possible incidents to the expiring carrier within the prescribed period of time.

·If at all possible, have the new carrier except the “old carriers” application – in order to back date and utilize the same prior and pending litigation date. DO NOT have your client re-warrant the new insurance carrier’s application.

If you are renewing coverage, make sure you utilize the carrier’s renewal application and not a new business application. Why? The renewal application should NOT contain a claim/notice warranty question.

She was following Roberto Ceniceros blog on a New York appeals court ruling which awarded workers compensation benefits for an injury that occured at a clients gym, whom the claimant performed contract work. While the employer had not been compensated or required participation at the gym, it was found that the employer had encouraged the claimant to participate. http://www.businessinsurance.com/article/20090710/BLOGS02/907109997

While wellness programs have been around for decades, they continue to build steam as employers look to find ways to control employee benefit costs. However, Julie and Roberto bring up interesting points.

If an employer encourages, provides incentives, or in some way an employee feels they have been intimidated or coerced to participate, and an injury occurs, would workers compensation benefits be paid? If so, will underwriters rate for this? Will Workers Compensation costs go up?

Consider for a moment the opportunity for fraud... At our firm, our wellness team has organized many events including a walk-a-thon, yoga, boot camp, and many other fun activities. But what if an employee, after work, while walking and tracking his/her miles for the walk-a-thon fell and broke his/her leg and was out for two weeks? How would anyone be certain that this was a work related injury due to the wellness program, and not just an injury he/she sustained doing general chores around the house?

Tough questions that are sure to be tested in court. We'll have to wait and see.